At a November, 2005 workshop at the Santa Fe Institute, Dr. Sarah Gordon of Symantec presented the results of her research into hacker psychology. Her main point was that law enforcement has almost no impact upon the problem. “Criminals don’t look at risk and reward the same way we do.” Additionally, in her psychological evaluations of virus writers, she found that many of them lacked what psychologists regard as a criminal mentality. Instead, they wrote and released viruses as experiments, to gain credibility with peers, to feel special, become famous, or out of adolescent rebellion. These sorts of people, she concluded, also would not be deterred by law enforcement.

In a study that began in 1994, Gordon tracked the development of four adolescent virus writers who did not fit the psychological profile of criminals. Within two years, “All went into normal things. One went to MIT (Massachusetts Institute of Technology).”

By contrast, she found that those who wrote viruses as adults tended to fit the psychological profile of criminals. One whom she tracked “went into cybercrime of different sorts” as he aged.

Gordon revealed that hackers, defined as people who illegally break into computers, have a different psychological profile from virus writers. Some hackers, she said, let difficulty deter them, whereas virus writers seek out challenges. Hackers tend to feel break-ins as a personal challenge, a battle of equals, feel one with the machine, and crave a sense of control. Virus writers, by contrast, often feel removed from events, like to let their creations go out of their control, and often blame the users when their systems become infected.

Because of these different psychological profiles, she said, hackers and virus writers form separate communities. Nowadays, traditional criminals are making use of the technology of the age, i.e. computing. Therefore, some young hackers are taking part in serious criminal activities. However, it is not the case that the traditional hacker culture itself has become criminal.

She concluded by saying that defense, not deterrence, is the solution to computer crime.